Remove the requirement to authenticate for /admin/server_version. (#5122)

This endpoint isn't much use for its intended purpose if you first need to get yourself an admin's auth token. I've restricted it to the `/_synapse/admin` path to make it a bit easier to lock down for those concerned about exposing this information. I don't imagine anyone is using it in anger currently.
2025-05-04 16:44:56 -04:00 · 2019-05-07 09:29:30 +01:00 · 2019-05-07 09:29:30 +01:00 · 59e2d2694d
commit 59e2d2694d
parent 3fdff14207
5 changed files with 32 additions and 38 deletions
--- a/tests/rest/admin/test_admin.py
+++ b/tests/rest/admin/test_admin.py
@ -21,6 +21,8 @@ from mock import Mock

 import synapse.rest.admin
 from synapse.api.constants import UserTypes
+from synapse.http.server import JsonResource
+from synapse.rest.admin import VersionServlet
 from synapse.rest.client.v1 import events, login, room
 from synapse.rest.client.v2_alpha import groups

@ -28,20 +30,15 @@ from tests import unittest


 class VersionTestCase(unittest.HomeserverTestCase):
+    url = '/_synapse/admin/v1/server_version'

-    servlets = [
-        synapse.rest.admin.register_servlets_for_client_rest_resource,
-        login.register_servlets,
-    ]
-
-    url = '/_matrix/client/r0/admin/server_version'
+    def create_test_json_resource(self):
+        resource = JsonResource(self.hs)
+        VersionServlet(self.hs).register(resource)
+        return resource

    def test_version_string(self):
-        self.register_user("admin", "pass", admin=True)
-        self.admin_token = self.login("admin", "pass")
-
-        request, channel = self.make_request("GET", self.url,
-                                             access_token=self.admin_token)
+        request, channel = self.make_request("GET", self.url, shorthand=False)
        self.render(request)

        self.assertEqual(200, int(channel.result["code"]),
@ -49,17 +46,6 @@ class VersionTestCase(unittest.HomeserverTestCase):
        self.assertEqual({'server_version', 'python_version'},
                         set(channel.json_body.keys()))

-    def test_inaccessible_to_non_admins(self):
-        self.register_user("unprivileged-user", "pass", admin=False)
-        user_token = self.login("unprivileged-user", "pass")
-
-        request, channel = self.make_request("GET", self.url,
-                                             access_token=user_token)
-        self.render(request)
-
-        self.assertEqual(403, int(channel.result['code']),
-                         msg=channel.result['body'])
-

 class UserRegisterTestCase(unittest.HomeserverTestCase):